Security Researcher
Web3 Security Researcher | Securing the EVM ecosystem DM for private audits
High
Solo
Total
Medium
Solo
Total
Total Earnings
#156 All Time
Payouts
2nd Places
3rd Places
Top 10
All
Sherlock
Code4rena
Cantina
CodeHawks
Immunefi
Hats Finance
Sep '24
Jul '24
high
`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`
medium
A dev will lose rewards if after claiming his rewards he mints an NFT
medium
Pause and unpause functions are inaccessible
medium
Lack of ability to make an some external function calls makes the DAO stage unreachable.
May '24
medium
Mar '24
Feb '24
high
medium
Jan '24
medium
medium
Aug '23
Jul '23
May '23
Apr '23
Mar '23
high
Deposit queue and rollover queue can be DOS by a malicious user
high
User can avoid paying depositFee by rolling over from previous epoch
high
`enlistInRollover()` wrongly updates state of `ownerToRollOverQueueIndex[_receiver]`
medium
Epoch is considered both started and not started when `block.timestamp == epochConfig[_id].epochBegin`
medium
It is still possible for users to lose their funds when the counterparty vault has no deposits
Feb '23
Findings not publicly available for private contests.
Findings not publicly available for private contests.
high
`fundingTotals` is not accounted for when deposits are refunded
high
`refundDeposit()` can reach the out-of-gas state
high
An attacker can use a malicious token contract to force prevent atomic bounty and tiered percentage bounty claims
medium
Whitelisted tokens are not limited by `TOKEN_ADDRESS_LIMIT`
medium
`getLockedFunds()` is calculating locked funds wrongly if there are claims made
Jan '23
high
Assets can be stolen when rebalancing if there are excess tokens in spot swap
high
Funds that are meant to be used for insurance can be maliciously used to pay for rebalance instead.
medium
Protocol cannot actually rebalanceNegative due to missing approval.
medium
Wrong number of decimals used when depositing `quoteAmount` in rebalance
Dec '22
high
Hijacking of node operators minipool causes loss of staked funds
medium
slashing fails when node operator doesn't have enough staked `GGP`
medium
Recreated pools receive a wrong AVAX amount due to miscalculated compounded liquid staker amount
medium
NodeOp funds may be trapped by a invalid state transition
Findings not publicly available for private contests.
Nov '22
high
`deposits[]` and `withdraws[]` are unbounded. This will lead to users being unable to `withdrawUSDC()` or `dequeueCrab()`
high
Malicious user with a USDC blacklisted address can break the protocol's `netAtPrice()` functionality
medium
Wrong number of decimals used in computation result in wrong values of WETH transferred
high
Reentrancy in LiquidStakingManager.sol#withdrawETHForKnow leads to loss of fund from smart wallet.
medium
Address.isContract() is not a reliable way of checking if the input is an EOA
medium
Node runners can lose all their stake rewards due to how the DAO commissions can be set to a 100%
medium
GiantPool should not check ETH amount on withdrawal
medium
Adding non EOA representative
medium
Withdrawing wrong LPToken from GiantPool leads to loss of funds
Oct '22
high
`_deleteLienPosition()` is lacking access control
high
_validateCommitment() can be bypassed as 0 address is not checked on the return value of ecrecover
high
`protocolFee` and `buyoutFee` are not set in constructor() and there is no way to set its value
medium
Auction time extension in `createBid()` is calculated wrongly
medium
AuctionHouse max duration is not used correctly
medium
`cancelVouch()` can break some parts of the protocol due to the way it changes the vouchers array.
medium
`redeem()` may not withdraw the correct amount of underlying token for caller for the number of uTokens burned
medium
`removeAdapter()` does not ensure that the money market that is removed no longer carries any assets.
medium
`removeAdaptor()` is not removing the removed money market from `withdrawSeq[]`.
Sep '22
high
User unable to withdraw at the end of an auction if the order they placed is the same as clearing price, but did not receive any fills.
high
Auction can potentially sell more contracts than it has collateral for.
medium
_getNextFriday() returns wrong value when timestamp is between Monday 12am and 8am.
Aug '22